Managing Windows NTFS permissions (also know as Access Control Lists) has always been difficult for users because of the complex UI dialogs and concepts involved. Copying permissions is even harder because when you normally copy files from Explorer, permissions are not retained. You have to use command line tools like icacls to manage permissions. In this article, we will look at a free third party app called NTFS Permissions Tools that makes setting permissions extremely easy.
You can set permissions on files and folders from the Security tab in Properties.
A simpler UI appears when you click the Edit button. If you want to change the Owner or adjust permissions on a more fine-grained level, you can click the Advanced button to bring up the Advanced Security Settings dialog.
However, in newer releases of Windows, the problem is that the Security tab only appears if the Properties for a single folder or single file are open. If you select multiple files or multiple folders and collectively try to set permissions on them, you will see that there is no Security tab at all. Instead, Microsoft wants you to use the command line tool, icacls.exe, which is very inconvenient. If you only want to take ownership of the object and grant full read-write permissions to the Administrators group, you can use Winaero's free TakeOwnershipEx tool to do this. But what if you wanted to set fine-grained permissions or change the permissions on a group of objects located in different folders and assign them to various user accounts?
The third party freeware app, called 'NTFS Permissions Tools' comes with an easy to use GUI for setting permissions and changing ownership on multiple files. It goes further than what Windows allows from its GUI and allows backing up permissions to a file from which it can restore them later. Or you can simply copy the permissions or all security settings on an object and paste them to another object. This is a very useful function because in Windows, various different rules apply when you copy or move files.
- When you copy or move an object to a different folder on the same volume (drive), the original permissions are retained, that is, the object preserves its permissions by default.
- When you copy or move an object to another volume (drive), the object inherits the permissions of its new parent folder.
However while copying or moving items, Windows offers you no easy control over this. NTFS Permissions Tools takes the pain out of this entirely because it can copy and paste permissions separate from the object itself.
- NTFS Permissions Tools is a portable tool, which requires no installation. It is developed by a Chinese developer, Han Rui. The website is here. but it always seems to have problems with links and the site URLs keep changing constantly. You can download the latest version of 'NTFS Permissions Tools' directly from the developer's blog. (link to his Chinese blog is here but the app itself does have an English UI). Extract the ZIP and run the appropriate version (32-bit or 64-bit) for your Windows version. If you are unable to download it from the developer's website, get it here from Winaero.
- When you open it, it will ask for UAC elevated permissions. Click Yes. The program has 1-click buttons to set Allow, Deny or Read-only permissions.
- It has two modes of operation. Edit Mode and Browse Mode. In Edit mode, you simply drag and drop any files and folders whose permissions you want to modify, inside its window.
- In Browse mode, you can browse files and folders like a file manager does. You can select a single file or folder or you can select multiple files and folders. Then you can right click on the selected items under any column and change the permissions, accounts and Owner.
- Clicking the Advanced button brings up a Windows-like interface for doing all the advanced tasks such as adjusting inheritable permissions, replacing child object permissions, selecting users or groups etc.
- You can also create NULL or empty Discretionary Access Control Lists (DACLs) on an object by right clicking it and selecting "Empty Access Control List". Null DACLs grant full access to anyone who can access the object. An empty DACL does not grant access to the object until the owner of the object assigns permissions.
Copying and pasting permissions
Right click any item whose permissions you want to copy and click "Copy Permissions" or "Copy Security Settings". The difference between the two is that the former only copies Allow/Read-Only/Deny permissions, whereas the latter copies the Owner as well. The program doesn't yet support copying Auditing permissions, so for configuring those you will have to use the Windows native permissions dialogs.
NTFS Permissions Tools is a must-have application for every system administrator or IT pro. Given the number of times you have to deal with permissions in newer releases of Windows when accessing another user's files, end users will find it useful too. You can reduce your usage of icacls for the tasks it supports, although for some activities like finding Security IDs, setting integrity level etc, icacls will still be required.